docs(httpauth-firebase): fix rbac tier reference from 1 to 0

rbac is a Tier 0 module (no micro-lib dependencies). The dependency line
incorrectly cited it as Tier 1. The module's own tier (4) is unchanged —
it remains the auth layer above the transport infrastructure.

doc.go

@@ -0,0 +1,17 @@
+// Package httpauth provides Firebase-backed HTTP middleware for authentication,
+// identity enrichment, and role-based access control.
+//
+// Typical middleware chain:
+//
+//	r.Use(httpauth.AuthMiddleware(firebaseClient, publicPaths))
+//	r.Use(httpauth.EnrichmentMiddleware(userEnricher, httpauth.WithTenantHeader("X-Tenant-ID")))
+//	r.Use(httpauth.AuthzMiddleware(permProvider, "orders", rbac.Read))
+//
+// AuthMiddleware verifies Firebase Bearer tokens and injects uid + claims into
+// the request context. EnrichmentMiddleware reads those values, calls the
+// app-provided IdentityEnricher, and stores the full rbac.Identity. AuthzMiddleware
+// resolves the permission mask and gates the request.
+//
+// All three middleware functions accept interfaces, so they can be tested without
+// a live Firebase connection.
+package httpauth